TACACS+ using both a local database and external db (Active Directory)
Is it possible to configure a Cisco device (aka, switch) to use a TACACS server that has both a local db and an external db? I currently have a test switch that is configured to use TACACS authentication where that authentication is an Active Directory db. Because our environment utilizes vendors to co-manage some of our devices, I was wanting to create local accounts on the TACACS server for them. Both groups, local and AD, would have the same privileges while both being authenticated against two different databases.
We run ACS v5.5, and we do this. I have several users that exist only in the Internal Identity Store, and the server is also set up to authenticate against AD.
I created an Identity Store Sequence that looks first at AD, then at the Internal Identity Store when performing authentications. I then have rules in place in my access policies that allow (for example) full access to members of the AD group called "Admins" and the local group called "AdminUsers".
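The sequence and rules described in the answer above, as a simplified Python model added here; it is not ACS configuration or code from the poster. The store contents, passwords and the `FullAccess`/`DenyAccess` result names are constructed, and the rule that the first store knowing the username decides the outcome is an assumption of this model.

```python
import hashlib
import hmac

def _h(pw):
    # Constructed stand-in for each store's own password check.
    return hashlib.sha256(pw.encode()).hexdigest()

# Constructed sample data: two identity stores holding different users.
AD = {"alice": {"pw": _h("a-pass"), "groups": {"Admins"}},
      "bob": {"pw": _h("b-pass"), "groups": {"Helpdesk"}}}
INTERNAL = {"vendor1": {"pw": _h("v-pass"), "groups": {"AdminUsers"}},
            "alice": {"pw": _h("other"), "groups": {"AdminUsers"}}}

# Identity Store Sequence from the answer: AD first, then Internal.
SEQUENCE = [("AD", AD), ("Internal", INTERNAL)]

# Access policy rules: first match wins, anything else is denied.
RULES = [("AD", "Admins", "FullAccess"),
         ("Internal", "AdminUsers", "FullAccess")]

def authenticate(user, password, sequence=SEQUENCE):
    """Return (store_name, groups) on success, None on failure.
    Model assumption: the first store that knows the username decides;
    a wrong password there does not fall through to the next store."""
    for name, store in sequence:
        rec = store.get(user)
        if rec is None:
            continue  # unknown here, try the next store in the sequence
        if hmac.compare_digest(rec["pw"], _h(password)):
            return name, rec["groups"]
        return None
    return None

def authorize(user, password):
    """Authenticate through the sequence, then apply the group rules."""
    result = authenticate(user, password)
    if result is None:
        return "AuthFailed"
    store, groups = result
    for rule_store, group, profile in RULES:
        if store == rule_store and group in groups:
            return profile
    return "DenyAccess"  # authenticated, but no rule grants access
```

In this model the Internal `alice` record is never reached because AD answers for that username first, so vendor account names should not collide with AD usernames.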
Can you elaborate on the rules you have in place? Even some screenshots with sensitive information blocked out? I can see how to create the Identity Store Sequence but I'm not sure how to implement this in the access policies and haven't been able to find much (any) information on implementing this.